The remote host is missing updates announced inadvisory RHSA-2008:0879.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Firefox to crash or,potentially, execute arbitrary code as the user running Firefox.(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,CVE-2008-4063, CVE-2008-4064)

Several flaws were found in the way malformed web content was displayed. Aweb page containing specially crafted content could potentially trick aFirefox user into surrendering sensitive information. (CVE-2008-4067,CVE-2008-4068)

A flaw was found in the way Firefox handles mouse click events. A web pagecontaining specially crafted JavaScript code could move the content windowwhile a mouse-button was pressed, causing any item under the pointer to bedragged. This could, potentially, cause the user to perform an unsafedrag-and-drop action. (CVE-2008-3837)

A flaw was found in Firefox that caused certain characters to be strippedfrom JavaScript code. This flaw could allow malicious JavaScript to bypassor evade script filters. (CVE-2008-4065)

For technical details regarding these flaws, please see the Mozillasecurity advisories for Firefox 3.0.2. You can find a link to the Mozillaadvisories in the References section.

All firefox users should upgrade to this updated package, which containsbackported patches that correct these issues.

Solution:Please note that this update is available viaRed Hat Network. To use Red Hat Network, launch the RedHat Update Agent with the following command: up2date